Security hole in RIP-2

Gary Scott Malkin <gmalkin@xylogics.com> Thu, 04 February 1993 15:27 UTC

Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Gary Scott Malkin <gmalkin@xylogics.com>
Date: Thu, 04 Feb 1993 10:26:12 -0500
Message-Id: <14005.199302041526@atlas.xylogics.com>
To: ietf-rip@xylogics.com
Subject: Security hole in RIP-2

There is a potential security hole in the RIP-2 authentication caused
by the backwards compatibility rules.  If you're running sending RIP-2
packets and accepting either version, there is no problem with the
periodic responses because they never leave you network so nobody can
snoop them to find the password.  This means that nobody from outside
your network can inject bogus routing packets because a RIP-2 router
would discard the unauthenticated response.  However, somebody from
outside could send a RIP-1 query to one of the routers sending RIP-2
responses.  The router would not authenticate the RIP-1 packet and
would then deliver the password in the response.

There are two solutions.  Ideally, the router has to be smart enough to
answer a RIP-1 query with a RIP-1 response, which may not be easy for
some implementations.  Otherwise, the documentation must clearly state
that authentication is only secure when the routers are configured to
accept only RIP-2 packets, so that the RIP-1 query would be discarded.

----------------------------------------------------------------------
Gary Malkin            "Felis Catus, is your taxonomic nomenclature an
(617) 272-8140         `exothermic quadruped, carnivorous by nature'?"

Security hole in RIP-2 Gary Scott Malkin
Re: Security hole in RIP-2 Noel Chiappa
Re: Security hole in RIP-2 Oliver Korfmacher
Re: Security hole in RIP-2 Jeffrey C Honig
Re: implementation detail Jeffrey C Honig
Re: minutes of RIPv2 meeting in Amsterdam Jeffrey C Honig
Re: Document updates Jeffrey C Honig
Re: Clarification of when authentication is used Jeffrey C Honig